Detailed attack pattern

Draft

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

High

Typical severity

Per MITRE

High

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-59 (Session Credential Falsification through Prediction) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-59: Session Credential Falsification through Prediction

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

Examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-59?

How does a Session Credential Falsification through Prediction attack work?

How do you prevent CAPEC-59?

What weaknesses does CAPEC-59 target?

How severe is CAPEC-59?

References

Defend against CAPEC-59

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

Examples

Related weaknesses

Related attack patterns

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-59?

How does a Session Credential Falsification through Prediction attack work?

How do you prevent CAPEC-59?

What weaknesses does CAPEC-59 target?

How severe is CAPEC-59?

References

Defend against CAPEC-59